I will show how it is possible in a few easy steps to write a perfectly valid email borne virus for modern desktop Linux. I will do so not because I want to put down Linux. Quite the opposite: I like and support Linux, which is all I’m running at home and at work. I’m a big supporter of free and open software as readers of this blog will know. But if there are any security risks, even in my favourite OS or distribution then they will need to be discussed. Even more important: A false sense of security is worse than a lack of security. And unsubstantiated claims of superiority don’t help in a reasonable discussion either.
OK it isn’t quite a Linux virus, more like a Gnome/KDE virus but the point is clearly made. There is a pretty big hole in the current Desktop implementations, i.e. KDE and Gnome, whereby a file with the .desktop suffix is essentially executable even though it does not have to have the execute bit set.
It is well worth reading and understanding so you can protect yourself from being stupid.
And hopefully someone upstream will take notice too…
Nokia buys Trolltech!
You may be thinking who? Trolltech are the company that makes the graphical toolkit which is the foundation of the “other” desktop software set for Linux – KDE. The other main platform of course being Gnome.
Another major acquisition of a big player in the Open Source ecosystem. Things are really hotting up! Rather helpfully, they have identified the “key messages” from the announcement:
- The acquisition supports Trolltech’s company vision of driving Qt adoption in the commercial and open source markets (Qt Everywhere).
- The acquisition of Trolltech will enable Nokia to accelerate the cross-platform software strategy for mobile devices and desktop applications, and to develop its Internet services business.
- With Nokia, Trolltech’s Qt technology will grow significantly in the PC and mass-volume mobile devices markets.
- Nokia plans to continue to develop Trolltech’s products and continue to drive sales to new and existing customers.
- Acquisition is subject to customary closing conditions, including regulatory and Trolltech shareholder approval.
Here’s the full press release.